Guest User

Untitled

a guest
May 23rd, 2018
92
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.59 KB | None | 0 0
  1. # Embedded file name: /app/sqli_lv1/content/app/sql/views.py
  2. from flask import render_template, request, flash, current_app, send_file
  3. from ..app import db
  4. from . import sql
  5. from .models import Darkside, Lightside
  6. from hashlib import sha256
  7. import re
  8. import sqlite3
  9.  
  10. @sql.before_app_first_request
  11. def init_app():
  12. if db.session.query(Lightside).count() == 2:
  13. return
  14. realJEDI = Lightside(username=current_app.config['USER'], password=sha256(current_app.config['PASSWD']).hexdigest())
  15. jedi = Lightside(username=current_app.config['USER'], password=sha256(current_app.config['USER']).hexdigest())
  16. stormtrooper = Darkside(username='stormtrooper', password=sha256('stormtrooper').hexdigest())
  17. db.session.add(stormtrooper)
  18. db.session.add(jedi)
  19. db.session.add(realJEDI)
  20. db.session.commit()
  21.  
  22.  
  23. @sql.route('/', methods=['GET'])
  24. def index():
  25. return render_template('login.html')
  26.  
  27.  
  28. @sql.route('/pyc', methods=['GET'])
  29. def pyc():
  30. return send_file(__file__)
  31.  
  32.  
  33. @sql.route('/login', methods=['GET'])
  34. def login():
  35. username = request.args.get('username', '')
  36. password = request.args.get('password', '')
  37. side = request.args.get('side', '')
  38. if username == '':
  39. flash('Please enter a username')
  40. return render_template('login.html')
  41. elif password == '':
  42. flash('Please enter a password')
  43. return render_template('login.html')
  44. elif side == '':
  45. flash('Please select a side')
  46. return render_template('login.html')
  47. else:
  48. con = sqlite3.connect('app/sqli_lv1.sqlite')
  49. con.row_factory = sqlite3.Row
  50. cur = con.cursor()
  51. try:
  52. query = " SELECT username\n FROM `%s`\n WHERE username='%s' LIMIT 1" % (sql_filter(side), sql_filter(username))
  53. cur.execute(query)
  54. result = cur.fetchone()
  55. if result != None:
  56. query = " SELECT *\n FROM `%s`\n WHERE password='%s' and username='%s' LIMIT 1" % (sql_filter(side), sha256(password).hexdigest(), sql_filter(username))
  57. cur.execute(query)
  58. else:
  59. flash('That username did not exist!')
  60. return render_template('login.html')
  61. except sqlite3.Error as e:
  62. error_msg = xss_filter('error: {0}.'.format(e.args[0]))
  63. query = xss_filter('query: {0}.'.format(query))
  64. print '[+] sql error: ', e, query
  65.  
  66. result = cur.fetchone()
  67. if result == None:
  68. flash('Invalid username/password')
  69. elif result['username'] == current_app.config['USER'] and result['password'] == sha256(current_app.config['PASSWD']).hexdigest():
  70. flash('Are you realJEDI? This is your lightsaber! {0}'.format(current_app.config['FLAG']))
  71. else:
  72. flash('Welcome back <b>{0}</b> ! Sorry, we are under construction!'.format(xss_filter(username)))
  73. return render_template('login.html')
  74.  
  75.  
  76. def xss_filter(payload):
  77. payload = payload.replace('<', '<').replace('>', '>')
  78. return payload
  79.  
  80.  
  81. sql_blacklist = ['drop',
  82. 'my',
  83. 'heart',
  84. 'set',
  85. 'love',
  86. '=',
  87. 'null',
  88. 'where',
  89. 'you',
  90. 'is',
  91. 'not',
  92. 'like',
  93. 'me',
  94. 'by',
  95. 'insert',
  96. 'limit',
  97. 'from',
  98. '1',
  99. '2',
  100. '3',
  101. '5',
  102. ';']
  103.  
  104. def addslashes(s):
  105. d = {'"': '\\"',
  106. "'": "\\'",
  107. '\x00': '\\\x00',
  108. '\\': '\\\\'}
  109. return ''.join((d.get(c, c) for c in s))
  110.  
  111.  
  112. def sql_filter(payload):
  113. for badword in sql_blacklist:
  114. regex = re.compile(re.escape(badword), re.I)
  115. payload = regex.sub('***', payload)
  116.  
  117. payload = addslashes(payload)
  118. return payload
Add Comment
Please, Sign In to add comment